Malware Remediation vs. Reimaging: The Right Answer Is The Easy Answer

Posted October 8, 2014 by Chad Bacher

Ask an IT admin what his/her least favorite task is, and “reimaging an infected endpoint” is bound to be near the top of the list. And for good reason: It’s a slow, tedious timesuck.


The Drawn Out Malware Reimaging Process

  • Ambling out to the endpoint
  • Checking that there is a backup
  • Checking that the backup is uninfected and uncorrupted
  • Downloading the backup
  • Locating and entering license keys
  • Updating drivers
  • Patches and patching
  • Oddball endpoint customization
  • “User re-education” (aka gently reminding the user to avoid suspect files, links, or websites)

Lackluster & Misguided Results 

This all adds up to at least a couple of hours under the hood restoring the endpoint to its pre-infection state. And there’s no guarantee that restoration is complete—there’s always the question of what work or data is lost between the last clean backup and time of infection. The result is lost productivity, from the workstation downtime, to time spent by IT reimaging, to possibly lost work needing to be recreated by the user.

Yet, again and again, I heard IT admins at a recent tradeshow tell the same reimaging stories. The impetus for reimaging usually revolved around this: The endpoint was infected and the admin didn’t trust his/her endpoint security to remove all the malicious code.

Not an unfounded concern. According to recent testing by independent lab AV-Test.org, many antivirus products can detect and block known malware, but many of those same products can’t completely remove the malicious files. And while sometimes only harmless fragments of the malicious code are left behind, even those can raise false positives.

(And, if the antivirus didn’t even detect and quarantine the malicious code, and it executed in memory, well, your remediation problem can turn into an IT dumpster fire. See: CryptoLocker)

But this reflexive reimaging is often unnecessary.


Why Malware Remediation Is The Smart & Easy Solution:

The goal should be finding an endpoint security solution or layer that effectively rips malware out by the roots. It’s remediation (removal) short of reimaging, the difference between a neutron bomb and your garden-variety fission bomb. Only this time, the cockroaches don’t make it.

Remediation solves the severe shortcomings of reimaging. Properly executed, remediation removes all traces of malicious code while leaving legitimate files untouched. And it should take only a few moments.

Compared with reimaging, remediation:

  • Is vastly faster to implement
  • Restores all work
  • Can often be done remotely over the network
  • Reduces workstation/user downtime

Of course, the new breed of anti-exploit products eliminates the entire remediation/reimaging issue by preventing malware from being dropped onto the workstation in the first place. You don’t have to remove what isn’t there, right? An anti-exploit product working alongside an anti-malware product provides the layered defense that probably offers the best endpoint protection. When choosing your anti-malware product, look for security software that remediates, rather than reimages!

Chad leads the Product Management team responsible for defining and executing the go-to-market strategy for the entire Malwarebytes product portfolio. He joined Malwarebytes in 2014, with more than 15 years of experience in the security and high-tech industries.
